Do you use let's encrypt?

Archive for 2013

The GNU Virtual Private Ethernet software allows you to join multiple distinct hosts into a small private network, via a static set of public/private keys. It is ideally suited to joining a small number of hosts in a secure fashion.

Thinking Disk Encryption give you more peace of mind? Then think again. It's well known that "fail to plan" means "plan to fail". But when comes to Disk Encryption I did not see any reasonable planning on disk failure, even though I've googled extensively.

There are many times when having access to a queue is useful when you're developing projects and code. These days there are several available queueing daemons available, and here we're going to look at one of them, beanstalkd.

This site was previously hosted upon a single machine, and was recently moved to a cluster instead. This broke the search interface which had to be reworked and this article describes how the new site-search was implemented.

Recently I was hit be a problem which was ultimately caused by a failure to run a cron-job. Here I'm going to document the three most common means for failure that I know about, in the hopes of avoiding them in the future.

Many people use SSH keys for password-less logins, and the increase in security that keys provide over (traditionally weaker) passwords. But few people seem to realize that you can also restrict logins to known-good IP addresses, via that same mechanism.

Several years ago, I implemented a centralized syslog-ng server for our Linux servers, switches, routers and firewalls. It worked very well, but I ran into situations where I would not be in front of my laptop but I wanted to be notified of something coming through.

For the past nine years this site has been hosted upon a single dedicated server, graciously donated by my employer Bytemark. Over time it has been upgraded, but despite that it has become apparent that a single-server wasn't sufficient, unless it was a huge server - so with that in mind I've recently redeployed this site in a mini-cluster.

Redis is one of the new breed of NO-SQL storage systems, which was directly inspired by memcached. Redis allows you to store and retrieve data at blazing speed and unlike memcached it has built-in support for many primitives such as sets, lists, and hashes. Read on to learn more.

There are many times when you wish to add SSL around an existing HTTP-server, if you were running Apache you'd do that directly. But if you're running a node.js application, a Varnish cache, or other software you might be out of luck. Happily wrapping SSL around a HTTP-server is simple with pound.

I'm going to describe how you can display and control your primary desktop remotely from a secondary so that it everything works really well. To do that, we are going to bolt together several commonly used linux components. Along the way I'll pass on some personal drivel about my own experience in doing this. The idea behind this being that you get a feel of how things hang together.